Commit 1962c015 authored by Valerie Aurora

Make ADM risk factor 0, 1, 2 instead of 0, 1 for consistency

parent c6946b53
+36 −32
@@ -534,7 +534,7 @@ The examples given in each use case are for a finished product that includes the

### 4.7.3 Virtual network interface use cases

* UC-VI-1 Virtual network interface for internal use on private device
* UC-VI-1 Virtual network interface for internal use on private or professional device
  * E.g. loopback, containers, tunnel to local application
  * Packets only from other applications/users on host
  * Users limited to owner and who they trust
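Review bot: Widening UC-VI-1 to "private or professional device" conflicts with the ADM value this same commit assigns it. In C.5.2.3, UC-VI-1 moves to ADM = 0, which the new ADM-L-0 text defines as fully resourced professional administration, and a private device does not fit that level. Either keep the use case scoped to professional devices or rate ADM at the worst case the title now covers. The unchanged bullet "Users limited to owner and who they trust" also still describes only the private case. The title change is not mentioned in the commit subject and would be easier to review as its own commit.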
@@ -1710,8 +1710,9 @@ Rationale: Skilled, fully resourced administration allows more risk transfer and

Type: Affects likelihood and impact of all attacks.

  * **[ADM-L-0]** Foreseeable use includes skilled administration, fully resourced
  * **[ADM-L-1]** Foreseeable use includes unskilled and/or under-resourced administration
  * **[ADM-L-0]** Foreseeable use is with fully resourced professional administration
  * **[ADM-L-1]** Foreseeable use is with professional administration with limited resources
  * **[ADM-L-2]** Foreseeable use is with unskilled or no administration

**[SYS]** Impact of access to host system assets

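Review bot: The three ADM-L levels no longer cover every combination of skill and resourcing. The removed ADM-L-1 text read "unskilled and/or under-resourced", but the new list has no level for unskilled administration that is well resourced, or for skilled administration that is not professional. Add a sentence saying which level applies when skill and resourcing disagree, for example the higher of the two. The "Rationale: Skilled, fully resourced administration ..." line in the hunk header still uses the old wording and could be aligned with "professional".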
@@ -1827,13 +1828,15 @@ For each threat, a table shows how to use the risk factors to calculate the leve

### C.4.3 List of threats and risk assessments

#### C.4.3.1 Known exploitable vulnerabilities

**[TH-KEVU]:** Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.

| Risk factors                                  | Likelihood |
|-------------------------------------------|------------|
| (SFT > 1 or NET > 1) & COM > 1 & ADM = 1  | High       |
| (SFT = 1 or NET = 1) & COM > 1 & ADM = 1  | Medium     |
| (SFT < 1 & NET < 1) or COM = 0 or ADM = 0 | Low        |
|-----------------------------------------------|------------|
| max(PHYS, SFT, NET) > 1 & COM > 1 & ADM > 0   | High       |
| all others                                    | Medium     |
| max(PHYS, SFT, NET) < 1 or COM = 0 or ADM = 0 | Low        |

| Risk factors                     | Impact |
|----------------------------------|--------|
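Review bot: The new TH-KEVU likelihood rows name the physical factor PHYS, while the TH-CONF table and the use case and profile tables in this commit use PHY. Use one spelling so the factor can be matched to its column. The "all others | Medium" row also sits above the Low row, so a reader applying the rows top to bottom stops at Medium and never reaches Low. Move "all others" to the last row or write the Medium condition out explicitly.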
@@ -1863,8 +1866,9 @@ Requirements: SSDD, LMII, DMIN, LMAS, LOGG

| Risk factors | Likelihood |
|--------------|------------|
| ADM = 0      | High       |
| ADM = 2      | High       |
| ADM = 1      | Medium     |
| ADM = 0      | Low        |

| Risk factors | Impact |
|--------------|--------|
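Review bot: As the hunk reads, ADM = 0 appears once as High and once as Low, so the likelihood for the best-administered case is inverted here rather than renumbered. The commit message only says the change is "for consistency". If the earlier "ADM = 0 | High" row was an error, say so in the message. If it was intended under the old scale, confirm that "ADM = 0 | Low" is the outcome wanted for this threat.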
@@ -1877,10 +1881,10 @@ Requirements: SDEL, SDEF
**[TH-CONF]:** Attacker may use configuration errors to get unauthorized access to the product assets.

| Risk factors                      | Likelihood |
|--------------------------------|------------|
| (SFT > 1 or NET > 1) & ADM = 1 | High       |
| (SFT = 1 or NET = 1) & ADM = 0 | Medium     |
| (SFT < 1 & NET < 1)            | Low        |
|-----------------------------------|------------|
| max(PHY, SFT, NET) > 1 & ADM > 0  | High       |
| all others                        | Medium     |
| max(PHY, SFT, NET) < 1 or ADM = 0 | Low        |

| Risk factors                     | Impact |
|----------------------------------|--------|
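Review bot: In the new TH-CONF rows, "ADM > 0" gives ADM = 1 and ADM = 2 the same likelihood, so the level added by this commit has no effect on configuration errors, the threat where unskilled or absent administration would be expected to matter most. Consider separating the two, in the way the ADM-only table in the previous hunk does, or note why they are merged. "or ADM = 0" in the Low row also makes the likelihood Low for any PHY, SFT and NET values, which is a larger change than the removed rows made and deserves a line of rationale. As in the TH-KEVU table, "all others" should be the last row.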
@@ -1992,35 +1996,35 @@ Requirements: NKEV, SCUD, SSDD, LMII, LMAS, LOGG

| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WD-1  | 0   | 0   | 0   | 1   | 1   | 0   | 0   | 0   | 0   | 1   | 2   | SP-WD-1 |
| UC-WD-1  | 0   | 0   | 0   | 1   | 2   | 0   | 0   | 0   | 0   | 1   | 2   | SP-WD-1 |
| UC-WD-2  | 0   | 0   | 0   | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-1 |
| UC-WD-3  | 0   | 0   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-4  | 0   | 0   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-2 |
| UC-WD-5  | 0   | 0   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-2 |
| UC-WD-6  | 1   | 1   | 1   | 1   | 0   | 1   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-7  | 1   | 1   | 1   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-8  | 1   | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-7  | 1   | 1   | 1   | 1   | 2   | 0   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-8  | 1   | 1   | 2   | 1   | 2   | 2   | 1   | 0   | 1   | 1   | 1   | SP-WD-3 |
| UC-WD-9  | 0   | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   | SP-WD-4 |
| UC-WD-10 | 2   | 2   | 1   | 1   | 0   | 2   | 2   | 0   | 0   | 0   | 1   | SP-WD-4 |
| UC-WD-10 | 2   | 2   | 1   | 1   | 1   | 2   | 2   | 0   | 0   | 0   | 1   | SP-WD-4 |

#### C.5.2.2 Wireless network interface use cases

| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-WL-1  | 0   | 0   | 0   | 2   | 0   | 0   | 1   | 1   | 1   | 1   | 1   | SP-WL-1 |
| UC-WL-2  | 0   | 0   | 1   | 2   | 1   | 1   | 0   | 0   | 0   | 1   | 2   | SP-WL-1 |
| UC-WL-3  | 0   | 0   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-2  | 0   | 0   | 1   | 2   | 2   | 1   | 0   | 0   | 0   | 1   | 2   | SP-WL-1 |
| UC-WL-3  | 0   | 0   | 2   | 2   | 0   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-4  | 1   | 1   | 2   | 2   | 0   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-5  | 0   | 1   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-6  | 1   | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-3 |
| UC-WL-5  | 0   | 1   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | SP-WL-2 |
| UC-WL-6  | 1   | 1   | 2   | 2   | 2   | 2   | 2   | 1   | 1   | 1   | 1   | SP-WL-3 |
| UC-WL-7  | 2   | 2   | 1   | 2   | 1   | 2   | 1   | 0   | 0   | 0   | 1   | SP-WL-3 |

#### C.5.2.3 Virtual network interface use cases

| Use case | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro |
|----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------|
| UC-VI-1  | 0   | 1   | 0   | 0   | 1   | 0   | 0   | 1   | 1   | 1   | 0   | SP-VI-1 |
| UC-VI-2  | 0   | 1   | 2   | 2   | 1   | 0   | 1   | 1   | 1   | 1   | 0   | SP-VI-2 |
| UC-VI-1  | 0   | 1   | 0   | 0   | 0   | 0   | 0   | 1   | 1   | 1   | 0   | SP-VI-1 |
| UC-VI-2  | 0   | 1   | 2   | 2   | 2   | 0   | 1   | 1   | 1   | 1   | 0   | SP-VI-2 |
| UC-VI-3  | 0   | 1   | 1   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |
| UC-VI-4  | 0   | 2   | 2   | 2   | 0   | 0   | 2   | 2   | 2   | 2   | 0   | SP-VI-2 |

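Review bot: Several ADM cells in these use case tables change in a way that is not a mapping of the old two-level scale onto the new one: UC-WL-3 and UC-VI-1 go from 1 to 0, and UC-WD-10 goes from 0 to 1, while UC-WD-5 and UC-WL-7 stay at 1. These are reassessments of the use cases, which the commit message ("for consistency") does not mention. List the reassessed use cases in the message with a short reason for each, or split them into a separate commit so that the rescaling can be checked mechanically.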
@@ -2038,25 +2042,25 @@ Security profiles are associated with sets of risk factor levels.

| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WD-1          | 0   | 0   | 0   | 1   | 1   | 0   | 1   | 0   | 1   | 1   | 2   |
| SP-WD-1          | 0   | 0   | 0   | 1   | 2   | 0   | 1   | 0   | 1   | 1   | 2   |
| SP-WD-2          | 0   | 0   | 2   | 1   | 1   | 2   | 2   | 0   | 1   | 2   | 1   |
| SP-WD-3          | 1   | 1   | 2   | 1   | 1   | 2   | 1   | 0   | 1   | 1   | 1   |
| SP-WD-4          | 2   | 2   | 2   | 1   | 0   | 2   | 2   | 0   | 1   | 2   | 1   |
| SP-WD-3          | 1   | 1   | 2   | 1   | 2   | 2   | 1   | 0   | 1   | 1   | 1   |
| SP-WD-4          | 2   | 2   | 2   | 1   | 1   | 2   | 2   | 0   | 1   | 2   | 1   |

#### C.6.2.2 Wireless network interface security profiles

| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-WL-1          | 0   | 0   | 1   | 2   | 1   | 1   | 1   | 1   | 1   | 1   | 1   |
| SP-WL-2          | 1   | 1   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |
| SP-WL-3          | 2   | 2   | 2   | 2   | 1   | 2   | 2   | 1   | 1   | 1   | 1   |
| SP-WL-1          | 0   | 0   | 1   | 2   | 2   | 1   | 1   | 1   | 1   | 1   | 1   |
| SP-WL-2          | 1   | 1   | 2   | 2   | 2   | 2   | 2   | 1   | 1   | 1   | 1   |
| SP-WL-3          | 2   | 2   | 2   | 2   | 2   | 2   | 2   | 1   | 1   | 1   | 1   |

#### C.6.2.3 Virtual network interface security profiles

| Security profile | PHY | SFT | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT |
|------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-VI-1          | 0   | 1   | 0   | 0   | 1   | 0   | 1   | 1   | 1   | 1   | 0   |
| SP-VI-2          | 0   | 2   | 2   | 2   | 1   | 0   | 2   | 2   | 2   | 2   | 0   |
| SP-VI-1          | 0   | 1   | 0   | 0   | 0   | 0   | 1   | 1   | 1   | 1   | 0   |
| SP-VI-2          | 0   | 2   | 2   | 2   | 2   | 0   | 2   | 2   | 2   | 2   | 0   |

## C.7 How to add new security profiles
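Review bot: The rule behind the new ADM values in the security profile tables is not stated anywhere in this hunk. Each profile's ADM equals the highest ADM among the use cases mapped to it in C.5.2 (for example SP-WD-4 = 1 from UC-WD-10, and SP-WL-2 = 2 from UC-WL-5), but a reader has to work that out by comparing tables. Add a sentence next to "Security profiles are associated with sets of risk factor levels" that states the rule, so that later edits to a use case row also update its profile.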